Total Proposal Security

The National Science Foundation uses a computerized proposal-and-report submission system called FastLane. When I first submitted a proposal, this required three things to log in: your last name, your Social Security number, and a password of your choice.

Sometime in the last year, they stopped using the SSN, and switched to a randomly generated nine-digit ID number. Which they sent me in a massage that somehow manages not to include the strings “NSF,” “FastLane,” or “National Science Foundation.” “ID” by itself returns too many results in GMail to be useful.

On the bright side, at least I can be confident that nobody else is going to log in and submit the final project report that’s due…

Comments

  1. #1 Eric Lund
    June 29, 2009

    There should be a link somewhere on the FastLane home page that will let you request the secret number. At least there was three months ago when I had to submit an interim report on my NSF grant. They sent me the secret number in a message with the subject “Requested NSF ID”. I looked for the message in which they originally sent me the number, but I couldn’t find it.

  2. #2 Emory Kimbrough
    June 29, 2009

    Dear Professor Orzel,

    We have not received your expected final project report. We have, however, received a new grant proposal requesting funds for the following items:

    Cheese
    Bunnies
    Bacon
    Chew Toys

    We are unclear on how these items are relevant to the research funded under your current grant. One reviewer has recommended that you investigate whether someone else with access to your computer and/or residence may have intercepted a recent NSF e-mail with your new password, and used this to file a fraudulent proposal under your name.

    Best wishes,

    NSF

  3. #3 Chad Orzel
    June 29, 2009

    There should be a link somewhere on the FastLane home page that will let you request the secret number.

    I couldn’t find a link, but they did have a phone support number, and after ten minutes on hold, I got it taken care of.

    I still don’t know what they did with the original message that GMail couldn’t find it. Google’s usually pretty good at that sort of thing, you know?

  4. #4 NoAstronomer
    June 29, 2009

    They sent you a massage?! How does that work? Does the NSF have a side deal with craigslist?

    Sorry, couldn’t resist.

    Mike.

  5. #5 Doug Natelson
    June 29, 2009

    Chad, I just checked my email client, and my version of the NSF message (January 2008) actually had the subject line “Requested NSF ID”. Who knows the mysteries of gmail….

  6. #6 Kate W.
    June 29, 2009

    And yet FastLane is the crown jewel of federal online grants management. You could have to use grants.gov.

  7. #7 Lassi Hippeläinen
    June 30, 2009

    That sounds like “security theater” (as Bruce Schneier calls it). Sending the id afterwards using non-secure email is stupid. You should generate it in real time, during an encrypted session.

The site is currently under maintenance and will be back shortly. New comments have been disabled during this time, please check back soon.